I don't know why you are being so rude. I don't thinking smarter than anyone, I just ask some advice using mod_security to this list. I know that should return 403 code, but that generates output traffic, so using mod_security I want to drop this connection, with the configuration that i'm using is doing that, but if you consider that is not right what i'm doing, I will apply your suggestions.

The VPS has preinstalled apache, and I was not quick enough to realize this problem. That was my mistake and I'm working to have the best solution.

It seems that i'm bothering in this list, if so I will quit this list and every body happy, I just was looking for some useful advice, not being insulted.

I'm very sorry for bothering with my emails.

Best regards


2013/2/16 Reindl Harald <h.reindl@thelounge.net>
Am 16.02.2013 16:35, schrieb Alejandro Casagrande:
> Hi Reindl, I really appreciate your suggestions. Yes I put ProxyRequest Off in the redirection to jetty.
> However, in the default vhost I think that I need proxyrequest on, because if I don't have that Apache responds
> when a proxy request attempt is done, returning 403 code. I don't want that apache responds to that request,
> instead I want the connection dropped. I'm doing this with the vhost below, and mod_security is dropping the
> connection.

do yhat you want if you are thinking you are smarter as people
with a lot of production servers, evens as the apache developers
itself which are saying clearly DISABLE THIS BULLSHIT

the HTTP proctocol is designed to respond with a status-code
and if you would not have been so stupid at the begin allow
proxy requests you would not have all this connections which
will sooner or later stop if they recognize taht it is no
longer possible and this is one reason more respond with 403

your problem is generally on the wrong mailing-list because
a misconfiuration of httd has nothing to do with modsec which
should be a FALLBACK and not to fix misconfiguration


Do not enable proxying with ProxyRequests until you have secured your server.
Open proxy servers are dangerous both to your network and to the Internet at large.

This allows or prevents Apache from functioning as a forward proxy server.
(Setting ProxyRequests to Off does not disable use of the ProxyPass directive.)

The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: